The question is more about which architecture to choose than coding per se. I have my app deployed on AWS ECS (a cluster made of EC2 instances running containers). How can I install OSSEC HIDS in that setup? As a side container for every app container, or should it be centralized somehow?
Thank you for any hints.
Rule of thumb: "One process per container". You should not install any agent in a Docker container.
You can follow two approaches:
For the ECS-optimized AMI, create a custom AMI and configure the agent on that; the rest of the procedure will be the same as for a standard EC2 machine.
how-to-monitor-host-based-intrusion-detection-system-alerts-on-amazon-ec2-instances